
This sample report is published with the prior consent of our client, given that the current release of this web application is three major releases ahead of the one tested. The issues pointed out in this report are no longer relevant. The purpose of this report is to educate our prospective clients about the capabilities of Hackers Locked.

1. Introduction

This document describes the proceedings and results of the Vulnerability Assessment and Penetration Testing conducted for the Sahrat Arabia web applications. The activity was performed from 27th October 20XX to as part of a risk management exercise. The scope of the activity covered the Vulnerability Assessment and Penetration Testing of its web application.

2. Scope of Work

The scope of work was limited to External Penetration Testing of the Sahrat Arabia web applications. The assessment prioritizes the discovered risks based on their impact and produces a detailed report of the exercise with recommendations, which shall guide the organization in selecting a cost-effective method to mitigate the identified risks. The assessment covered the following classes of vulnerability:

- SQL injection.
- Data input validation.
- Open redirection vectors.
- Authentication vulnerabilities such as weak passwords, username enumeration, and logic flaws.
- Defects in session handling, such as predictable tokens, unsafe transmission of tokens, session fixation and liberal cookie scope.
- Broken access controls, leading to horizontal and vertical privilege escalation.
- Local privacy vulnerabilities, resulting in sensitive data being stored in cookies, the browser cache and the autocomplete store.
- Classic vulnerabilities in native code components, such as buffer overflows, integer arithmetic flaws, and format string bugs.

Classification: Confidential

3. Execution Methodology

The entire test was conducted from the Internet. At the end of the security testing, the penetration testers identify the possible security threats and document them in a final report. The assessment was done from the Hackers Locked Penetration Testing Lab network, using various tools and techniques. The tests were conducted for the following website:

The steps followed as part of the attack and penetration phase are given below:

- Web application and web server information gathering
- Web application vulnerability scanning
- Exploiting vulnerabilities

4. Our Approach

In order to assess the security of the target systems, Hackers Locked followed a unique penetration testing methodology based on the Open Source Security Testing Methodology Manual (OSSTMM), NIST standards and the Open Web Application Security Project (OWASP).

The methodology we followed for the testing, with a brief description of each step, is given below:

- Analyzing the application and deciding which areas need testing
- Hacking the areas where a vulnerability is expected
- Documenting the vulnerabilities found
- Discussing the possible causes
- Discussing the possible remediation

5. Summary of the Results

To prioritize the vulnerabilities and the risk factors, we have categorized the findings as High, Medium, Low or Informational based on severity. Factors such as impact, popularity and simplicity of the attacks are considered in determining the severity of a vulnerability, as given below.

RATING: LEVEL OF SEVERITY

HIGH: A high-risk vulnerability can be exploited by an attacker to gain full administrator/root access to the application or its underlying operating system.

MEDIUM: A medium-risk vulnerability reveals information about the application and its underlying infrastructure that can be used by an attacker, in conjunction with another vulnerability, to gain administrative control of the application or its underlying operating system.

LOW: A low-risk vulnerability can result in enumeration of vital information held by or about the application or its underlying operating system.

INFORMATIONAL: An informational vulnerability can lead to further attacks by allowing attackers to collect sensitive information about the application (open ports, services, database, versions of installed software, etc.).

6. Detailed Report

We identified a number of vulnerabilities in the Sahrat Arabia application website.

6.1 Information Gathering and Foot Printing

Test Performed: Information Gathering and Foot Printing
Severity: Informational
Findings: It was observed that the target host belongs to the Sahrat Arabia domain and is registered with a hosting provider. The contact details are publicly available, giving attackers a slight opportunity to misuse the information available on the Internet.
Recommendation: It is recommended to confirm that the records are up to date and to request that the service provider hide the details.

Figure 1: The snapshot indicates the site hosting provider with which the target host is registered.

Operating System and Service Identification

The operating system and services were identified from the responses to crafted packets sent to the server; the results are approximate. We have taken all possible measures to avoid false positives, although it is not possible to eliminate them fully.

S. No | IP Address | Operating System / Application | Open and Exposed Services
      |            | Linux 2.6 operating system     | Web service, service, FTP

6.2 Port Scanning

Test Performed: Port Scanning
Severity: Low

Findings: With customized scripts and tools like Nmap it is possible to retrieve the port information of a target host using port scanning.
Recommendation: It is recommended to block unused service ports.

Figure 2: The snapshot indicates the ports which are listening on the Sahrat Arabia web server.

6.3 Privilege Escalation

This phase describes escalating privileges using the open ports and services found on the target systems. Nessus, Paros Proxy, Nikto, Brutus, Burp Suite, Core Impact and manual techniques were used to check for vulnerabilities on the systems. The detailed observations and techniques are provided below.

Test Performed: URL manipulation attacks
Severity: High
Findings: By entering a URL in a web browser it was possible to log in to the administrator web page without a user ID and password, which allows an attacker to gain system-level privileges and control the host.
Recommendation: It is recommended to put the necessary access controls in place on the website and to enable the highest level of security to safeguard user account details.

Figure 3: The snapshot indicates the admin web page of the Sahrat Arabia web server.

Severity: High
Findings: Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
Recommendation: Filter metacharacters from user input.

Figure 7: The snapshot indicates that an attacker can inject malicious code into a vulnerable application. The GET variable albumid has been set to --><ScRiPt%20%0a%0d>alert( )%3B</ScRiPt> and the GET variable country has been set to <ScRiPt%20%0a%0d>alert( )%3B</ScRiPt>.

The GET variable country has been set to <iframe/+/onload=alert( )></iframe>.

Figure 8: The snapshot indicates that an attacker can inject malicious code into a vulnerable application. The GET variable country has been set.
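An added example, not code from the report or from the client's application, showing why the recommendation to "filter metacharacters" is weak when implemented as a tag blacklist and why contextual output encoding is the robust fix. It reflects the two GET parameters named in the findings (albumid and country) using the report's own payload strings as a constructed request, and checks whether an attacker-supplied tag survives into the rendered page; the page template, the blacklist and the helper names are assumptions.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed sample request: the two GET parameters from the findings, carrying
# exactly the payload strings the report shows (URL-encoded, as sent on the wire).
SAMPLE_QUERY = {
    "albumid": "--><ScRiPt%20%0a%0d>alert( )%3B</ScRiPt>",
    "country": "<iframe/+/onload=alert( )></iframe>",
}

# Weak reading of "filter metacharacters": strip a fixed list of literal tags.
# Case-sensitive and exact, so it catches only the textbook <script> form.
BLACKLIST = re.compile(r"</?script>|</?iframe>")

# Assumed page template: albumid lands inside an HTML comment (hence the
# payload's leading "-->"), country lands in a text node.
TEMPLATE = "<!-- album {album} --><p>Country: {country}</p>"


def render_blacklisted(query):
    """Vulnerable rendering: decode the parameters, apply the tag blacklist, reflect."""
    album = BLACKLIST.sub("", unquote_plus(query["albumid"]))
    country = BLACKLIST.sub("", unquote_plus(query["country"]))
    return TEMPLATE.format(album=album, country=country)


def render_encoded(query):
    """Hardened rendering: HTML-encode every reflected value for its output context."""
    album = html.escape(unquote_plus(query["albumid"]), quote=True)
    country = html.escape(unquote_plus(query["country"]), quote=True)
    return TEMPLATE.format(album=album, country=country)


# Detection helper: does any attacker-supplied script/iframe tag reach the page
# as live markup? Tolerates the case changes and whitespace seen in the payloads.
ATTACKER_TAG = re.compile(r"<\s*/?\s*(script|iframe)\b", re.IGNORECASE)


def reflected_tag_survives(page_html):
    return ATTACKER_TAG.search(page_html) is not None


if __name__ == "__main__":
    for name, renderer in (("blacklist", render_blacklisted), ("encoded", render_encoded)):
        page = renderer(SAMPLE_QUERY)
        print(f"{name:9s} tag survives: {reflected_tag_survives(page)}\n  {page!r}")
```

The blacklist stops a plain lowercase `<script>` payload but passes both payloads from the report, while the encoded rendering neutralizes them in either context.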

Severity: Medium
Findings: A PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about the current state of PHP. This file may expose sensitive information that may help a malicious user to prepare more advanced attacks.
Recommendation: Remove the file from production systems.
URL:
We found <title>phpinfo()</title>

- END OF THE REPORT -
